diff --git a/x-pack/test/functional/es_archives/security_solution/no_at_timestamp_field/data.json b/x-pack/test/functional/es_archives/security_solution/no_at_timestamp_field/data.json
index 3ee1387b01e5c..8df1fe9e6116c 100644
--- a/x-pack/test/functional/es_archives/security_solution/no_at_timestamp_field/data.json
+++ b/x-pack/test/functional/es_archives/security_solution/no_at_timestamp_field/data.json
@@ -1,7 +1,7 @@
 {
 "type": "doc",
 "value": {
- "index": "no_at_timestamp_field",
+ "index": "auditbeat-no_at_timestamp_field",
 "source": {
 "locale": "pt",
 "event.category": "configuration",
@@ -14,7 +14,7 @@
 {
 "type": "doc",
 "value": {
- "index": "no_at_timestamp_field",
+ "index": "auditbeat-no_at_timestamp_field",
 "source": {
 "locale": "es",
 "event.category": "configuration",
@@ -27,7 +27,7 @@
 {
 "type": "doc",
 "value": {
- "index": "no_at_timestamp_field",
+ "index": "auditbeat-no_at_timestamp_field",
 "source": {
 "locale": "ua",
 "event.category": "configuration",
diff --git a/x-pack/test/functional/es_archives/security_solution/no_at_timestamp_field/mappings.json b/x-pack/test/functional/es_archives/security_solution/no_at_timestamp_field/mappings.json
index 76f0aa8521fc3..6a4940324dc58 100644
--- a/x-pack/test/functional/es_archives/security_solution/no_at_timestamp_field/mappings.json
+++ b/x-pack/test/functional/es_archives/security_solution/no_at_timestamp_field/mappings.json
@@ -1,7 +1,7 @@
 {
 "type": "index",
 "value": {
- "index": "no_at_timestamp_field",
+ "index": "auditbeat-no_at_timestamp_field",
 "mappings": {
 "dynamic": "strict",
 "properties": {
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/eql.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/eql.ts
index cb5e4185eebd9..24b336587bae2
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/eql.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/eql.ts @@ -867,7 +867,7 @@ export default ({ getService }: FtrProviderContext) => { it('specifying only timestamp_field results in a warning, and no alerts are generated', async () => { const rule: EqlRuleCreateProps = { - ...getEqlRuleForAlertTesting(['no_at_timestamp_field']), + ...getEqlRuleForAlertTesting(['auditbeat-no_at_timestamp_field']), timestamp_field: 'event.ingested', }; @@ -878,7 +878,7 @@ export default ({ getService }: FtrProviderContext) => { expect(_log.errors).to.be.empty(); expect(_log.warnings).to.contain( - 'The following indices are missing the timestamp field "@timestamp": ["no_at_timestamp_field"]' + 'The following indices are missing the timestamp field "@timestamp": ["auditbeat-no_at_timestamp_field"]' ); const previewAlerts = await getPreviewAlerts({ es, previewId }); @@ -887,7 +887,7 @@ export default ({ getService }: FtrProviderContext) => { it('specifying only timestamp_override results in an error, and no alerts are generated', async () => { const rule: EqlRuleCreateProps = { - ...getEqlRuleForAlertTesting(['no_at_timestamp_field']), + ...getEqlRuleForAlertTesting(['auditbeat-no_at_timestamp_field']), timestamp_override: 'event.ingested', }; @@ -906,7 +906,7 @@ export default ({ getService }: FtrProviderContext) => { it('specifying both timestamp_override and timestamp_field results in alert creation with no warnings or errors', async () => { const rule: EqlRuleCreateProps = { - ...getEqlRuleForAlertTesting(['no_at_timestamp_field']), + ...getEqlRuleForAlertTesting(['auditbeat-no_at_timestamp_field']), timestamp_field: 'event.ingested', timestamp_override: 'event.ingested', }; 
diff --git a/x-pack/test/security_solution_cypress/cypress/README.md b/x-pack/test/security_solution_cypress/cypress/README.md index 1bbbd463ca32c..e58ace3933690 100644 --- a/x-pack/test/security_solution_cypress/cypress/README.md +++ b/x-pack/test/security_solution_cypress/cypress/README.md @@ -350,11 +350,15 @@ Store the saved key on `~/.elastic/cloud.json` using the following format: } ``` -Store the email and password of the account you used to login in the QA Environment at the root directory of your Kibana project on `.ftr/role_users.json`, using the following format: +By default all our Serverless tests are executed with the `platform_engineer` role. + +So you need to add to your organization a new user that has the required role. You can achieve that by using email aliases. + +Store the email and password of the account of the `platform_engineer` user at the root directory of your Kibana project on `.ftr/role_users.json`, using the following format: ```json { - "admin": { + "platform_engineer": { "email": "", "password": "" } @@ -380,7 +384,7 @@ If you want to execute a test using Cypress on visual mode with MKI, you need to ```json { - "admin": { + "platform_engineer": { "email": "", "password": "" }, diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/exceptions/alerts_table_flow/rule_exceptions/closing_all_matching_alerts.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/exceptions/alerts_table_flow/rule_exceptions/closing_all_matching_alerts.cy.ts index 50284ea2cae94..6ae3cef6cc53e 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/exceptions/alerts_table_flow/rule_exceptions/closing_all_matching_alerts.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/exceptions/alerts_table_flow/rule_exceptions/closing_all_matching_alerts.cy.ts 
@@ -36,11 +36,11 @@ describe('Close matching Alerts ', { tags: ['@ess', '@serverless'] }, () => { cy.task('esArchiverLoad', { archiveName: 'exceptions' }); login(); - postDataView('exceptions-*'); + postDataView('auditbeat-exceptions-*'); createRule( getNewRule({ query: 'agent.name:*', - data_view_id: 'exceptions-*', + data_view_id: 'auditbeat-exceptions-*', interval: '1m', rule_id: 'rule_testing', }) diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/exceptions/entry/match_any.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/exceptions/entry/match_any.cy.ts index d9afe7d5a25ce..243e184d031f2 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/exceptions/entry/match_any.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/exceptions/entry/match_any.cy.ts @@ -15,7 +15,6 @@ import { openExceptionFlyoutFromEmptyViewerPrompt, visitRuleDetailsPage, clickEnableRuleSwitch, - waitForTheRuleToBeExecuted, goToAlertsTab, } from '../../../../../tasks/rule_details'; import { @@ -43,7 +42,7 @@ describe('Exceptions match_any', { tags: ['@ess', '@serverless'] }, () => { login(); createRule( getNewRule({ - index: ['exceptions-*'], + index: ['auditbeat-exceptions-*'], enabled: false, query: '*', from: 'now-438300h', @@ -77,7 +76,6 @@ describe('Exceptions match_any', { tags: ['@ess', '@serverless'] }, () => { goToAlertsTab(); - waitForTheRuleToBeExecuted(); waitForAlertsToPopulate(); // Will match document with value "foo" and document with value "FOO" diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/exceptions/rule_details_flow/add_edit_exception_data_view.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/exceptions/rule_details_flow/add_edit_exception_data_view.cy.ts index 5cfe2165e65e4..9709dd9eb57dc 100644 
--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/exceptions/rule_details_flow/add_edit_exception_data_view.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/exceptions/rule_details_flow/add_edit_exception_data_view.cy.ts @@ -27,7 +27,6 @@ import { openEditException, removeException, visitRuleDetailsPage, - waitForTheRuleToBeExecuted, } from '../../../../../tasks/rule_details'; import { @@ -46,7 +45,7 @@ import { } from '../../../../../screens/exceptions'; import { waitForAlertsToPopulate } from '../../../../../tasks/create_new_rule'; -const DATAVIEW = 'exceptions-*'; +const DATAVIEW = 'auditbeat-exceptions-*'; describe( 'Add exception using data views from rule details', @@ -131,7 +130,6 @@ describe( // now that there are no more exceptions, the docs should match and populate alerts goToAlertsTab(); goToOpenedAlertsOnRuleDetailsPage(); - waitForTheRuleToBeExecuted(); waitForAlertsToPopulate(); cy.get(ALERTS_COUNT).should('exist'); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/eql_rule.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/eql_rule.cy.ts index df9d7b28ac864..896259553708a 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/eql_rule.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/eql_rule.cy.ts @@ -42,7 +42,7 @@ import { INTERVAL_ABBR_VALUE, } from '../../../../screens/rule_details'; -import { getDetails, waitForTheRuleToBeExecuted } from '../../../../tasks/rule_details'; +import { getDetails } from '../../../../tasks/rule_details'; import { expectNumberOfRules, goToRuleDetailsOf } from '../../../../tasks/alerts_detection_rules'; import { deleteAlertsAndRules } from '../../../../tasks/api_calls/common'; import { 
@@ -138,7 +138,6 @@ describe('EQL rules', { tags: ['@ess', '@serverless'] }, () => { .should('have.text', `${humanizedDuration}`); }); - waitForTheRuleToBeExecuted(); waitForAlertsToPopulate(); cy.get(ALERTS_COUNT).should('have.text', expectedNumberOfAlerts); @@ -175,7 +174,6 @@ describe('EQL rules', { tags: ['@ess', '@serverless'] }, () => { createAndEnableRule(); openRuleManagementPageViaBreadcrumbs(); goToRuleDetailsOf(rule.name); - waitForTheRuleToBeExecuted(); waitForAlertsToPopulate(); cy.get(ALERTS_COUNT).should('have.text', expectedNumberOfSequenceAlerts); @@ -203,7 +201,7 @@ describe('EQL rules', { tags: ['@ess', '@serverless'] }, () => { visit(CREATE_RULE_URL); selectEqlRuleType(); getIndexPatternClearButton().click(); - getRuleIndexInput().type(`no_at_timestamp_field{enter}`); + getRuleIndexInput().type(`auditbeat-no_at_timestamp_field{enter}`); cy.get(RULES_CREATION_FORM).find(EQL_QUERY_INPUT).should('exist'); cy.get(RULES_CREATION_FORM).find(EQL_QUERY_INPUT).should('be.visible'); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/new_terms_rule.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/new_terms_rule.cy.ts index bb4acbd6746e2..0ea7a0d0f5e3b 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/new_terms_rule.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/new_terms_rule.cy.ts @@ -47,7 +47,7 @@ import { INTERVAL_ABBR_VALUE, } from '../../../../screens/rule_details'; -import { getDetails, waitForTheRuleToBeExecuted } from '../../../../tasks/rule_details'; +import { getDetails } from '../../../../tasks/rule_details'; import { expectNumberOfRules, goToRuleDetailsOf } from '../../../../tasks/alerts_detection_rules'; import { deleteAlertsAndRules } from '../../../../tasks/api_calls/common'; import { 
@@ -149,7 +149,6 @@ describe( .should('have.text', `${humanizedDuration}`); }); - waitForTheRuleToBeExecuted(); waitForAlertsToPopulate(); cy.get(ALERT_DATA_GRID) diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/override.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/override.cy.ts index 5f5e546c586d1..b23c68b341a96 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/override.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/override.cy.ts @@ -63,7 +63,7 @@ import { } from '../../../../tasks/create_new_rule'; import { login } from '../../../../tasks/login'; import { visit } from '../../../../tasks/navigation'; -import { getDetails, waitForTheRuleToBeExecuted } from '../../../../tasks/rule_details'; +import { getDetails } from '../../../../tasks/rule_details'; import { CREATE_RULE_URL } from '../../../../urls/navigation'; import { openRuleManagementPageViaBreadcrumbs } from '../../../../tasks/rules_management'; @@ -149,7 +149,6 @@ describe('Rules override', { tags: ['@ess', '@serverless'] }, () => { .should('have.text', `${humanizedDuration}`); }); - waitForTheRuleToBeExecuted(); waitForAlertsToPopulate(); cy.get(ALERTS_COUNT) diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/threshold_rule.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/threshold_rule.cy.ts index cc7354965ae2a..3243a2974836f 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/threshold_rule.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/threshold_rule.cy.ts 
@@ -61,11 +61,7 @@ import { } from '../../../../tasks/create_new_rule'; import { login } from '../../../../tasks/login'; import { visit } from '../../../../tasks/navigation'; -import { - getDetails, - assertDetailsNotExist, - waitForTheRuleToBeExecuted, -} from '../../../../tasks/rule_details'; +import { getDetails, assertDetailsNotExist } from '../../../../tasks/rule_details'; import { openRuleManagementPageViaBreadcrumbs } from '../../../../tasks/rules_management'; import { CREATE_RULE_URL } from '../../../../urls/navigation'; @@ -147,7 +143,6 @@ describe( .should('have.text', `${humanizedDuration}`); }); - waitForTheRuleToBeExecuted(); waitForAlertsToPopulate(); cy.get(ALERTS_COUNT).should(($count) => expect(+$count.text().split(' ')[0]).to.be.lt(100)); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/maintenance_windows/maintenance_window_callout.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/maintenance_windows/maintenance_window_callout.cy.ts index b5e7218aaa293..7a12d586227cc 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/maintenance_windows/maintenance_window_callout.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/maintenance_windows/maintenance_window_callout.cy.ts @@ -12,9 +12,10 @@ import { login } from '../../../../tasks/login'; import { visit } from '../../../../tasks/navigation'; import { RULES_MANAGEMENT_URL } from '../../../../urls/rules_management'; +// https://github.com/elastic/kibana/issues/184160 describe( 'Maintenance window callout on Rule Management page', - { tags: ['@ess', '@serverless'] }, + { tags: ['@ess', '@serverless', '@skipInServerless'] }, () => { let maintenanceWindowId = ''; 
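Review bot: The comment added above `describe('Maintenance window callout on Rule Management page', …)` is a bare URL, so nothing in the file says that `'@skipInServerless'` is a temporary skip or what has to happen before it is removed. Since the tag list still carries `'@serverless'`, a reader can easily assume the suite runs there. If the skip is meant to be temporary, I would write it as `// Skipped in serverless, re-enable once https://github.com/elastic/kibana/issues/184160 is fixed`. The same applies to `it('renders users risk tab', { tags: ['@skipInServerless'] }, …)` in users_tabs.cy.ts, which points at issue 184201 with no wording.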
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/dashboards/entity_analytics/legacy_risk_score.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/dashboards/entity_analytics/legacy_risk_score.cy.ts index ad851367a3349..a809c0011db14 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/dashboards/entity_analytics/legacy_risk_score.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/dashboards/entity_analytics/legacy_risk_score.cy.ts 
@@ -47,255 +47,250 @@ const SIEM_KIBANA_HOST_NAME = 'siem-kibana'; const DATE_FORMAT = 'MMM D, YYYY @ HH:mm:ss.SSS'; const DATE_BEFORE_ALERT_CREATION = moment().format(DATE_FORMAT); -// https://github.com/elastic/kibana/issues/179686 -describe( - 'Entity Analytics Dashboard', - { tags: ['@ess', '@serverless', '@skipInServerlessMKI'] }, - () => { - before(() => { - cy.task('esArchiverLoad', { archiveName: 'auditbeat_multiple' }); +describe('Entity Analytics Dashboard', { tags: ['@ess'] }, () => { + before(() => { + cy.task('esArchiverLoad', { archiveName: 'auditbeat_multiple' }); + }); + + after(() => { + cy.task('esArchiverUnload', { archiveName: 'auditbeat_multiple' }); + }); + + describe('legacy risk score', () => { + describe('Without data', () => { + beforeEach(() => { + login(); + visitWithTimeRange(ENTITY_ANALYTICS_URL); + }); + + it('shows enable host risk button', () => { + cy.get(ENABLE_HOST_RISK_SCORE_BUTTON).should('be.visible'); + }); + + it('shows enable user risk button', () => { + cy.get(ENABLE_USER_RISK_SCORE_BUTTON).should('be.visible'); + }); }); - after(() => { - cy.task('esArchiverUnload', { archiveName: 'auditbeat_multiple' }); + describe('Risk Score enabled but still no data', () => { + before(() => { + cy.task('esArchiverLoad', { archiveName: 'risk_hosts_no_data' }); + cy.task('esArchiverLoad', { archiveName: 'risk_users_no_data' }); + }); + + beforeEach(() => { + login(); + visitWithTimeRange(ENTITY_ANALYTICS_URL); + }); + + after(() => { + cy.task('esArchiverUnload', { archiveName: 'risk_hosts_no_data' }); + cy.task('esArchiverUnload', { archiveName: 'risk_users_no_data' }); + }); + + it('shows no data detected prompt for host risk score module', () => { + cy.get(HOST_RISK_SCORE_NO_DATA_DETECTED).should('be.visible'); + }); + + it('shows no data detected prompt for user risk score module', () => { + cy.get(USER_RISK_SCORE_NO_DATA_DETECTED).should('be.visible'); + }); }); - describe('legacy risk score', () => { - describe('Without data', () 
=> { - beforeEach(() => { - login(); - visitWithTimeRange(ENTITY_ANALYTICS_URL); - }); + describe('With Legacy data', () => { + before(() => { + cy.task('esArchiverLoad', { archiveName: 'risk_hosts_legacy_data' }); + cy.task('esArchiverLoad', { archiveName: 'risk_users_legacy_data' }); + }); - it('shows enable host risk button', () => { - cy.get(ENABLE_HOST_RISK_SCORE_BUTTON).should('be.visible'); - }); + beforeEach(() => { + login(); + visitWithTimeRange(ENTITY_ANALYTICS_URL); + }); - it('shows enable user risk button', () => { - cy.get(ENABLE_USER_RISK_SCORE_BUTTON).should('be.visible'); - }); + after(() => { + cy.task('esArchiverUnload', { archiveName: 'risk_hosts_legacy_data' }); + cy.task('esArchiverUnload', { archiveName: 'risk_users_legacy_data' }); }); - describe('Risk Score enabled but still no data', () => { - before(() => { - cy.task('esArchiverLoad', { archiveName: 'risk_hosts_no_data' }); - cy.task('esArchiverLoad', { archiveName: 'risk_users_no_data' }); - }); + it('shows enable host risk button', () => { + cy.get(ENABLE_HOST_RISK_SCORE_BUTTON).should('be.visible'); + }); - beforeEach(() => { - login(); - visitWithTimeRange(ENTITY_ANALYTICS_URL); - }); + it('shows enable user risk button', () => { + cy.get(ENABLE_USER_RISK_SCORE_BUTTON).should('be.visible'); + }); + }); - after(() => { - cy.task('esArchiverUnload', { archiveName: 'risk_hosts_no_data' }); - cy.task('esArchiverUnload', { archiveName: 'risk_users_no_data' }); - }); + describe('With host risk data', () => { + before(() => { + cy.task('esArchiverLoad', { archiveName: 'risk_hosts' }); + }); - it('shows no data detected prompt for host risk score module', () => { - cy.get(HOST_RISK_SCORE_NO_DATA_DETECTED).should('be.visible'); - }); + beforeEach(() => { + login(); + visitWithTimeRange(ENTITY_ANALYTICS_URL); + }); - it('shows no data detected prompt for user risk score module', () => { - cy.get(USER_RISK_SCORE_NO_DATA_DETECTED).should('be.visible'); - }); + after(() => { + 
cy.task('esArchiverUnload', { archiveName: 'risk_hosts' }); }); - describe('With Legacy data', () => { - before(() => { - cy.task('esArchiverLoad', { archiveName: 'risk_hosts_legacy_data' }); - cy.task('esArchiverLoad', { archiveName: 'risk_users_legacy_data' }); - }); + it('renders donut chart', () => { + cy.get(HOSTS_DONUT_CHART).should('include.text', '6Total'); + }); - beforeEach(() => { - login(); - visitWithTimeRange(ENTITY_ANALYTICS_URL); - }); + it('renders table', () => { + cy.get(HOSTS_TABLE).should('be.visible'); + cy.get(HOSTS_TABLE_ROWS).should('have.length', 5); + }); - after(() => { - cy.task('esArchiverUnload', { archiveName: 'risk_hosts_legacy_data' }); - cy.task('esArchiverUnload', { archiveName: 'risk_users_legacy_data' }); - }); + it('renders alerts column', () => { + cy.get(HOSTS_TABLE_ALERT_CELL).should('have.length', 5); + }); + it('filters by risk level', () => { + cy.get(HOSTS_TABLE).should('be.visible'); + cy.get(HOSTS_TABLE_ROWS).should('have.length', 5); - it('shows enable host risk button', () => { - cy.get(ENABLE_HOST_RISK_SCORE_BUTTON).should('be.visible'); - }); + openRiskTableFilterAndSelectTheLowOption(); - it('shows enable user risk button', () => { - cy.get(ENABLE_USER_RISK_SCORE_BUTTON).should('be.visible'); - }); + cy.get(HOSTS_DONUT_CHART).should('include.text', '1Total'); + cy.get(HOSTS_TABLE_ROWS).should('have.length', 1); + + removeLowFilterAndCloseRiskTableFilter(); }); - describe('With host risk data', () => { + it('filters the host risk table with KQL search bar query', () => { + kqlSearch(`host.name : ${SIEM_KIBANA_HOST_NAME}{enter}`); + + cy.get(HOSTS_DONUT_CHART).should('include.text', '1Total'); + cy.get(HOSTS_TABLE_ROWS).should('have.length', 1); + }); + + describe('With alerts data', () => { before(() => { - cy.task('esArchiverLoad', { archiveName: 'risk_hosts' }); + createRule(getNewRule()); }); beforeEach(() => { login(); + visitWithTimeRange(ALERTS_URL); + waitForAlertsToPopulate(); 
visitWithTimeRange(ENTITY_ANALYTICS_URL); }); after(() => { - cy.task('esArchiverUnload', { archiveName: 'risk_hosts' }); + deleteAlertsAndRules(); }); - it('renders donut chart', () => { - cy.get(HOSTS_DONUT_CHART).should('include.text', '6Total'); + it('populates alerts column', () => { + cy.get(HOSTS_TABLE_ALERT_CELL).first().should('include.text', SIEM_KIBANA_HOST_ALERTS); }); - it('renders table', () => { - cy.get(HOSTS_TABLE).should('be.visible'); - cy.get(HOSTS_TABLE_ROWS).should('have.length', 5); - }); + it('filters the alerts count with time range', () => { + setEndDate(DATE_BEFORE_ALERT_CREATION); - it('renders alerts column', () => { - cy.get(HOSTS_TABLE_ALERT_CELL).should('have.length', 5); - }); - it('filters by risk level', () => { - cy.get(HOSTS_TABLE).should('be.visible'); - cy.get(HOSTS_TABLE_ROWS).should('have.length', 5); + updateDashboardTimeRange(); - openRiskTableFilterAndSelectTheLowOption(); + cy.get(HOSTS_TABLE_ALERT_CELL).first().should('include.text', 0); + }); - cy.get(HOSTS_DONUT_CHART).should('include.text', '1Total'); - cy.get(HOSTS_TABLE_ROWS).should('have.length', 1); + it('opens alerts page when alerts count is clicked', () => { + clickOnFirstHostsAlerts(); + cy.url().should('include', ALERTS_URL); - removeLowFilterAndCloseRiskTableFilter(); + cy.get(OPTION_LIST_LABELS).eq(0).should('include.text', 'Status'); + cy.get(OPTION_LIST_VALUES(0)).should('include.text', 'open'); + cy.get(OPTION_LIST_LABELS).eq(1).should('include.text', 'Host'); + cy.get(OPTION_LIST_VALUES(1)).should('include.text', SIEM_KIBANA_HOST_NAME); }); + }); + }); - it('filters the host risk table with KQL search bar query', () => { - kqlSearch(`host.name : ${SIEM_KIBANA_HOST_NAME}{enter}`); + describe('With user risk data', () => { + before(() => { + cy.task('esArchiverLoad', { archiveName: 'risk_users' }); + }); - cy.get(HOSTS_DONUT_CHART).should('include.text', '1Total'); - cy.get(HOSTS_TABLE_ROWS).should('have.length', 1); - }); + beforeEach(() => { + login(); 
+ visitWithTimeRange(ENTITY_ANALYTICS_URL); + }); + + after(() => { + cy.task('esArchiverUnload', { archiveName: 'risk_users' }); + }); - describe('With alerts data', () => { - before(() => { - createRule(getNewRule()); - }); + it('renders donut chart', () => { + cy.get(USERS_DONUT_CHART).should('include.text', '7Total'); + }); - beforeEach(() => { - login(); - visitWithTimeRange(ALERTS_URL); - waitForAlertsToPopulate(); - visitWithTimeRange(ENTITY_ANALYTICS_URL); - }); + it('renders table', () => { + cy.get(USERS_TABLE).should('be.visible'); + cy.get(USERS_TABLE_ROWS).should('have.length', 5); + }); - after(() => { - deleteAlertsAndRules(); - }); + it('renders alerts column', () => { + cy.get(USERS_TABLE_ALERT_CELL).should('have.length', 5); + }); - it('populates alerts column', () => { - cy.get(HOSTS_TABLE_ALERT_CELL).first().should('include.text', SIEM_KIBANA_HOST_ALERTS); - }); + it('filters by risk level', () => { + cy.get(USERS_TABLE).should('be.visible'); + cy.get(USERS_TABLE_ROWS).should('have.length', 5); - it('filters the alerts count with time range', () => { - setEndDate(DATE_BEFORE_ALERT_CREATION); + openRiskTableFilterAndSelectTheLowOption(); - updateDashboardTimeRange(); + cy.get(USERS_DONUT_CHART).should('include.text', '2Total'); + cy.get(USERS_TABLE_ROWS).should('have.length', 2); - cy.get(HOSTS_TABLE_ALERT_CELL).first().should('include.text', 0); - }); + removeLowFilterAndCloseRiskTableFilter(); + }); - it('opens alerts page when alerts count is clicked', () => { - clickOnFirstHostsAlerts(); - cy.url().should('include', ALERTS_URL); + it('filters the host risk table with KQL search bar query', () => { + kqlSearch(`user.name : ${TEST_USER_NAME}{enter}`); - cy.get(OPTION_LIST_LABELS).eq(0).should('include.text', 'Status'); - cy.get(OPTION_LIST_VALUES(0)).should('include.text', 'open'); - cy.get(OPTION_LIST_LABELS).eq(1).should('include.text', 'Host'); - cy.get(OPTION_LIST_VALUES(1)).should('include.text', SIEM_KIBANA_HOST_NAME); - }); - }); + 
cy.get(USERS_DONUT_CHART).should('include.text', '1Total'); + cy.get(USERS_TABLE_ROWS).should('have.length', 1); }); - describe('With user risk data', () => { + describe('With alerts data', () => { before(() => { - cy.task('esArchiverLoad', { archiveName: 'risk_users' }); + createRule(getNewRule()); }); beforeEach(() => { login(); + visitWithTimeRange(ALERTS_URL); + waitForAlertsToPopulate(); visitWithTimeRange(ENTITY_ANALYTICS_URL); }); after(() => { - cy.task('esArchiverUnload', { archiveName: 'risk_users' }); + deleteAlertsAndRules(); }); - it('renders donut chart', () => { - cy.get(USERS_DONUT_CHART).should('include.text', '7Total'); + it('populates alerts column', () => { + cy.get(USERS_TABLE_ALERT_CELL).first().should('include.text', TEST_USER_ALERTS); }); - it('renders table', () => { - cy.get(USERS_TABLE).should('be.visible'); - cy.get(USERS_TABLE_ROWS).should('have.length', 5); - }); + it('filters the alerts count with time range', () => { + setEndDate(DATE_BEFORE_ALERT_CREATION); + updateDashboardTimeRange(); - it('renders alerts column', () => { - cy.get(USERS_TABLE_ALERT_CELL).should('have.length', 5); + cy.get(USERS_TABLE_ALERT_CELL).first().should('include.text', 0); }); - it('filters by risk level', () => { - cy.get(USERS_TABLE).should('be.visible'); - cy.get(USERS_TABLE_ROWS).should('have.length', 5); - - openRiskTableFilterAndSelectTheLowOption(); - - cy.get(USERS_DONUT_CHART).should('include.text', '2Total'); - cy.get(USERS_TABLE_ROWS).should('have.length', 2); - - removeLowFilterAndCloseRiskTableFilter(); - }); - - it('filters the host risk table with KQL search bar query', () => { - kqlSearch(`user.name : ${TEST_USER_NAME}{enter}`); - - cy.get(USERS_DONUT_CHART).should('include.text', '1Total'); - cy.get(USERS_TABLE_ROWS).should('have.length', 1); - }); - - describe('With alerts data', () => { - before(() => { - createRule(getNewRule()); - }); - - beforeEach(() => { - login(); - visitWithTimeRange(ALERTS_URL); - waitForAlertsToPopulate(); - 
visitWithTimeRange(ENTITY_ANALYTICS_URL); - }); - - after(() => { - deleteAlertsAndRules(); - }); - - it('populates alerts column', () => { - cy.get(USERS_TABLE_ALERT_CELL).first().should('include.text', TEST_USER_ALERTS); - }); - - it('filters the alerts count with time range', () => { - setEndDate(DATE_BEFORE_ALERT_CREATION); - updateDashboardTimeRange(); - - cy.get(USERS_TABLE_ALERT_CELL).first().should('include.text', 0); - }); - - it('opens alerts page when alerts count is clicked', () => { - clickOnFirstUsersAlerts(); + it('opens alerts page when alerts count is clicked', () => { + clickOnFirstUsersAlerts(); - cy.url().should('include', ALERTS_URL); + cy.url().should('include', ALERTS_URL); - cy.get(OPTION_LIST_LABELS).eq(0).should('include.text', 'Status'); - cy.get(OPTION_LIST_VALUES(0)).should('include.text', 'open'); - cy.get(OPTION_LIST_LABELS).eq(1).should('include.text', 'User'); - cy.get(OPTION_LIST_VALUES(1)).should('include.text', TEST_USER_NAME); - }); + cy.get(OPTION_LIST_LABELS).eq(0).should('include.text', 'Status'); + cy.get(OPTION_LIST_VALUES(0)).should('include.text', 'open'); + cy.get(OPTION_LIST_LABELS).eq(1).should('include.text', 'User'); + cy.get(OPTION_LIST_VALUES(1)).should('include.text', TEST_USER_NAME); }); }); }); - } -); + }); +}); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/dashboards/upgrade_risk_score.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/dashboards/upgrade_risk_score.cy.ts index 410239309aeb1..5fa97ed2f90f9 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/dashboards/upgrade_risk_score.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/dashboards/upgrade_risk_score.cy.ts 
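Review bot: Changing the tags on `describe('Entity Analytics Dashboard', …)` to `{ tags: ['@ess'] }` removes this suite from every serverless run, and the `// https://github.com/elastic/kibana/issues/179686` comment that explained the earlier MKI-only skip is deleted without a replacement. If legacy risk scoring is intentionally ESS-only, state that above the describe, for example `// ESS only: legacy risk score is not exercised in serverless (<link to issue or PR>)`, so the loss of coverage reads as a decision rather than an oversight. The same uncommented `'@serverless'` removal appears on `describe('Upgrade risk scores', …)` in upgrade_risk_score.cy.ts and on the outer `describe` in risk_tab.cy.ts, host_risk_tab.cy.ts and hosts_risk_column.cy.ts, where only the nested 'with new risk score' block keeps `{ tags: ['@serverless'] }`. The rest of this hunk looks like re-indentation only.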
@@ -35,7 +35,7 @@ import { deleteRiskEngineConfiguration } from '../../../tasks/api_calls/risk_eng const spaceId = 'default'; -describe('Upgrade risk scores', { tags: ['@ess', '@serverless'] }, () => { +describe('Upgrade risk scores', { tags: ['@ess'] }, () => { beforeEach(() => { login(); deleteRiskEngineConfiguration(); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/host_details/risk_tab.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/host_details/risk_tab.cy.ts index d4fbb0dafb9f4..746f28cba4462 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/host_details/risk_tab.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/host_details/risk_tab.cy.ts @@ -16,7 +16,7 @@ import { RISK_INFORMATION_FLYOUT_HEADER } from '../../../screens/entity_analytic import { navigateToHostRiskDetailTab } from '../../../tasks/host_risk'; import { deleteAlertsAndRules } from '../../../tasks/api_calls/common'; -describe('risk tab', { tags: ['@ess', '@serverless'] }, () => { +describe('risk tab', { tags: ['@ess'] }, () => { describe('with legacy risk score', () => { beforeEach(() => { cy.task('esArchiverLoad', { archiveName: 'risk_hosts' }); @@ -49,7 +49,7 @@ describe('risk tab', { tags: ['@ess', '@serverless'] }, () => { }); }); - describe('with new risk score', () => { + describe('with new risk score', { tags: ['@serverless'] }, () => { before(() => { cy.task('esArchiverLoad', { archiveName: 'risk_scores_new_complete_data' }); cy.task('esArchiverLoad', { archiveName: 'query_alert', useCreate: true, docsOnly: true }); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/hosts/host_risk_tab.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/hosts/host_risk_tab.cy.ts index 6986580d689b6..2f1b4d4e9eb91 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/hosts/host_risk_tab.cy.ts 
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/hosts/host_risk_tab.cy.ts @@ -22,7 +22,7 @@ import { hostsUrl } from '../../../urls/navigation'; import { kqlSearch } from '../../../tasks/security_header'; import { mockRiskEngineEnabled } from '../../../tasks/entity_analytics'; -describe('risk tab', { tags: ['@ess', '@serverless'] }, () => { +describe('risk tab', { tags: ['@ess'] }, () => { describe('with legacy risk score', () => { before(() => { cy.task('esArchiverLoad', { archiveName: 'risk_hosts' }); @@ -70,7 +70,7 @@ describe('risk tab', { tags: ['@ess', '@serverless'] }, () => { }); }); - describe('with new risk score', () => { + describe('with new risk score', { tags: ['@serverless'] }, () => { before(() => { cy.task('esArchiverLoad', { archiveName: 'risk_scores_new' }); }); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/hosts/hosts_risk_column.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/hosts/hosts_risk_column.cy.ts index 5c9288bf4bb4f..cf52585f9bbea 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/hosts/hosts_risk_column.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/hosts/hosts_risk_column.cy.ts @@ -13,7 +13,7 @@ import { TABLE_CELL } from '../../../screens/alerts_details'; import { kqlSearch } from '../../../tasks/security_header'; import { mockRiskEngineEnabled } from '../../../tasks/entity_analytics'; -describe('All hosts table', { tags: ['@ess', '@serverless'] }, () => { +describe('All hosts table', { tags: ['@ess'] }, () => { describe('with legacy risk score', () => { before(() => { cy.task('esArchiverLoad', { archiveName: 'risk_hosts' }); 
@@ -36,7 +36,7 @@ describe('All hosts table', { tags: ['@ess', '@serverless'] }, () => { }); }); - describe('with new risk score', () => { + describe('with new risk score', { tags: ['@serverless'] }, () => { before(() => { cy.task('esArchiverLoad', { archiveName: 'risk_scores_new' }); }); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/explore/cases/creation.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/explore/cases/creation.cy.ts index d6158c21eafa0..45dcbd0b6c861 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/explore/cases/creation.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/explore/cases/creation.cy.ts @@ -52,12 +52,12 @@ import { login } from '../../../tasks/login'; import { visit, visitWithTimeRange } from '../../../tasks/navigation'; import { CASES_URL, OVERVIEW_URL } from '../../../urls/navigation'; -import { CLOUD_SERVERLESS, ELASTICSEARCH_USERNAME } from '../../../env_var_names_constants'; +import { ELASTICSEARCH_USERNAME, IS_SERVERLESS } from '../../../env_var_names_constants'; import { deleteCases } from '../../../tasks/api_calls/cases'; // https://github.com/elastic/kibana/issues/179231 -const isCloudServerless = Cypress.env(CLOUD_SERVERLESS); -const username = isCloudServerless ? 'admin' : Cypress.env(ELASTICSEARCH_USERNAME); +const isServerless = Cypress.env(IS_SERVERLESS); +const username = isServerless ? 'platform_engineer' : Cypress.env(ELASTICSEARCH_USERNAME); // Tracked by https://github.com/elastic/security-team/issues/7696 describe('Cases', { tags: ['@ess', '@serverless'] }, () => { diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/explore/users/users_tabs.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/explore/users/users_tabs.cy.ts index 83321290917cd..1a563156415ab 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/explore/users/users_tabs.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/explore/users/users_tabs.cy.ts 
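Review bot: The serverless role name `'platform_engineer'` is hard-coded in the `username` ternary in `creation.cy.ts`, and the same literal is added again in `tasks/common/users.ts` (`getDefaultUsername`) and `tasks/login.ts` (`login`), so the three copies can drift apart. A single exported constant, for example `export const DEFAULT_SERVERLESS_ROLE = 'platform_engineer';`, used in all three places would keep the default test identity in one spot. It would also help to note next to `username` that in serverless the value is a role name and not an Elasticsearch username, since the variable name suggests otherwise.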
@@ -68,7 +68,8 @@ describe('Users stats and tables', { tags: ['@ess', '@serverless'] }, () => { cy.get(EVENTS_TAB_CONTENT).should('exist'); }); - it(`renders users risk tab`, () => { + // https://github.com/elastic/kibana/issues/184201 + it(`renders users risk tab`, { tags: ['@skipInServerless'] }, () => { waitForTabToBeLoaded(RISK_SCORE_TAB); cy.get(RISK_SCORE_TAB_CONTENT).should('exist'); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_right_panel.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_right_panel.cy.ts index 04699896661c0..c7b54e26db890 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_right_panel.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_right_panel.cy.ts @@ -61,13 +61,18 @@ import { getNewRule } from '../../../../objects/rule'; import { ALERTS_URL } from '../../../../urls/navigation'; import { waitForAlertsToPopulate } from '../../../../tasks/create_new_rule'; import { TOASTER } from '../../../../screens/alerts_detection_rules'; +import { ELASTICSEARCH_USERNAME, IS_SERVERLESS } from '../../../../env_var_names_constants'; + +// We need to use the 'soc_manager' role in order to have the 'Respond' action displayed in serverless +const isServerless = Cypress.env(IS_SERVERLESS); +const role = isServerless ? 'soc_manager' : Cypress.env(ELASTICSEARCH_USERNAME); describe('Alert details expandable flyout right panel', { tags: ['@ess', '@serverless'] }, () => { const rule = getNewRule(); beforeEach(() => { deleteAlertsAndRules(); - login(); + login(role); createRule(rule); visit(ALERTS_URL); waitForAlertsToPopulate(); 
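Review bot: In `alert_details_right_panel.cy.ts` the ESS branch of `role` is `Cypress.env(ELASTICSEARCH_USERNAME)`, a username, yet it is passed to `login(role)`, whose parameter is declared as `role?: SecurityRoleName` in `tasks/login.ts`. `Cypress.env` returns an untyped value, so the compiler does not flag the mismatch. Before this change the ESS path called `login()` with no argument; `const role = isServerless ? 'soc_manager' : undefined;` keeps that behaviour and limits the explicit role to serverless. How `login` handles a role outside serverless is not visible in this diff, so the current form should be checked against the rest of that function.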
diff --git a/x-pack/test/security_solution_cypress/cypress/objects/rule.ts b/x-pack/test/security_solution_cypress/cypress/objects/rule.ts index 7260dae14d930..04ba983664952 100644 --- a/x-pack/test/security_solution_cypress/cypress/objects/rule.ts +++ b/x-pack/test/security_solution_cypress/cypress/objects/rule.ts @@ -216,7 +216,7 @@ export const getUnmappedRule = ( ): QueryRuleCreateProps => ({ type: 'query', query: '*:*', - index: ['unmapped*'], + index: ['auditbeat-unmapped*'], name: 'Rule with unmapped fields', description: 'The new rule description.', severity: 'high', @@ -478,7 +478,7 @@ export const getNewThreatIndicatorRule = ( query: '*:*', threat_query: '*:*', threat_language: 'kuery', - index: ['suspicious-*'], + index: ['auditbeat-suspicious-*'], severity: 'critical', risk_score: 20, tags: ['test', 'threat'], diff --git a/x-pack/test/security_solution_cypress/cypress/tasks/common/users.ts b/x-pack/test/security_solution_cypress/cypress/tasks/common/users.ts index f918429937687..4792ca0df7ebe 100644 --- a/x-pack/test/security_solution_cypress/cypress/tasks/common/users.ts +++ b/x-pack/test/security_solution_cypress/cypress/tasks/common/users.ts @@ -5,11 +5,11 @@ * 2.0. */ -import { CLOUD_SERVERLESS } from '../../env_var_names_constants'; +import { IS_SERVERLESS } from '../../env_var_names_constants'; -type DefaultUsername = 'testing-internal' | 'system_indices_superuser'; +type DefaultUsername = 'platform_engineer' | 'system_indices_superuser'; export const getDefaultUsername = (): DefaultUsername => { - const isMKIserverless: boolean = Cypress.env(CLOUD_SERVERLESS); - return isMKIserverless ? 'testing-internal' : 'system_indices_superuser'; + const isServerless: boolean = Cypress.env(IS_SERVERLESS); + return isServerless ? 'platform_engineer' : 'system_indices_superuser'; }; diff --git a/x-pack/test/security_solution_cypress/cypress/tasks/login.ts b/x-pack/test/security_solution_cypress/cypress/tasks/login.ts index 036f9c56d6293..c43aaa26e3c4e 100644 
--- a/x-pack/test/security_solution_cypress/cypress/tasks/login.ts +++ b/x-pack/test/security_solution_cypress/cypress/tasks/login.ts @@ -40,19 +40,12 @@ export const getEnvAuth = (role: SecurityRoleName): User => { return user; }; -export const getDefaultUserName = (): string => { - if (Cypress.env(IS_SERVERLESS)) { - return Cypress.env(CLOUD_SERVERLESS) ? 'admin' : 'system_indices_superuser'; - } - return defaultUser.username; -}; - export const login = (role?: SecurityRoleName): void => { let testRole = ''; if (Cypress.env(IS_SERVERLESS)) { if (!role) { - testRole = Cypress.env(CLOUD_SERVERLESS) ? 'admin' : 'system_indices_superuser'; + testRole = 'platform_engineer'; } else { testRole = role; } diff --git a/x-pack/test/security_solution_cypress/es_archives/conflicts_1/data.json b/x-pack/test/security_solution_cypress/es_archives/conflicts_1/data.json index a61c3608a0b90..ca8593b9f28b5 100644 --- a/x-pack/test/security_solution_cypress/es_archives/conflicts_1/data.json +++ b/x-pack/test/security_solution_cypress/es_archives/conflicts_1/data.json @@ -2,7 +2,7 @@ "type": "doc", "value": { "id": "k9V5UIYBpykOpthsKsB8", - "index": "conflicts-0001", + "index": "auditbeat-conflicts-0001", "source": { "@timestamp": "2023-02-14T00:45:06.527Z", "doc_id": 11111, @@ -16,7 +16,7 @@ "type": "doc", "value": { "id": "o9WEUIYBpykOpthswsA9", - "index": "conflicts-0001", + "index": "auditbeat-conflicts-0001", "source": { "@timestamp": "2023-02-14T02:45:06.527Z", "doc_id": 2222, diff --git a/x-pack/test/security_solution_cypress/es_archives/conflicts_1/mappings.json b/x-pack/test/security_solution_cypress/es_archives/conflicts_1/mappings.json index 7dfa886c8b50b..6c227a8743e28 100644 --- a/x-pack/test/security_solution_cypress/es_archives/conflicts_1/mappings.json +++ b/x-pack/test/security_solution_cypress/es_archives/conflicts_1/mappings.json 
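Review bot: In `login`, the nested `if (!role) { … } else { … }` now only chooses between a constant and the argument, so it can be collapsed to `testRole = role ?? 'platform_engineer';`. With `getDefaultUserName` removed and the `CLOUD_SERVERLESS` branch gone, the `CLOUD_SERVERLESS` import and `defaultUser` may no longer be referenced in this file; the import block and the rest of `login` are outside the hunk, so that needs checking. Specs that call `login()` without a role in serverless now run as `platform_engineer` where they previously ran as `admin` or `system_indices_superuser`, so any that relied on the broader privileges must pass a role explicitly, as `alert_details_right_panel.cy.ts` does.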
@@ -3,7 +3,7 @@ "value": { "aliases": { }, - "index": "conflicts-0001", + "index": "auditbeat-conflicts-0001", "mappings": { "dynamic": false, "properties": { diff --git a/x-pack/test/security_solution_cypress/es_archives/conflicts_2/data.json b/x-pack/test/security_solution_cypress/es_archives/conflicts_2/data.json index ddeacb78eab95..aabf44d6c210e 100644 --- a/x-pack/test/security_solution_cypress/es_archives/conflicts_2/data.json +++ b/x-pack/test/security_solution_cypress/es_archives/conflicts_2/data.json @@ -2,7 +2,7 @@ "type": "doc", "value": { "id": "tNWLUIYBpykOpthsMsB9", - "index": "conflicts-0002", + "index": "auditbeat-conflicts-0002", "source": { "@timestamp": "2023-02-14T03:45:06.527Z", "doc_id": false, @@ -16,7 +16,7 @@ "type": "doc", "value": { "id": "ttWLUIYBpykOpthsUMAD", - "index": "conflicts-0002", + "index": "auditbeat-conflicts-0002", "source": { "@timestamp": "2023-02-14T04:45:06.527Z", "doc_id": true, diff --git a/x-pack/test/security_solution_cypress/es_archives/conflicts_2/mappings.json b/x-pack/test/security_solution_cypress/es_archives/conflicts_2/mappings.json index 004ed7425ed0f..cd1c25d015be7 100644 --- a/x-pack/test/security_solution_cypress/es_archives/conflicts_2/mappings.json +++ b/x-pack/test/security_solution_cypress/es_archives/conflicts_2/mappings.json @@ -3,7 +3,7 @@ "value": { "aliases": { }, - "index": "conflicts-0002", + "index": "auditbeat-conflicts-0002", "mappings": { "dynamic": false, "properties": { diff --git a/x-pack/test/security_solution_cypress/es_archives/exceptions/data.json b/x-pack/test/security_solution_cypress/es_archives/exceptions/data.json index 808aeaa22925c..82a95e7732e4d 100644 --- a/x-pack/test/security_solution_cypress/es_archives/exceptions/data.json +++ b/x-pack/test/security_solution_cypress/es_archives/exceptions/data.json 
@@ -2,7 +2,7 @@ "type": "doc", "value": { "id": "_aZE5nwBOpWiDweSth_D", - "index": "exceptions-0001", + "index": "auditbeat-exceptions-0001", "source": { "@timestamp": "2019-09-01T00:41:06.527Z", "agent": { @@ -29,7 +29,7 @@ "type": "doc", "value": { "id": "_aZE5nwBOpWiDweSth_A", - "index": "exceptions-0001", + "index": "auditbeat-exceptions-0001", "source": { "@timestamp": "2019-09-01T00:41:04.527Z", "agent": { @@ -56,7 +56,7 @@ "type": "doc", "value": { "id": "_aZE5nwBOpWiDweSth_C", - "index": "exceptions-0001", + "index": "auditbeat-exceptions-0001", "source": { "@timestamp": "2019-09-01T00:41:09.527Z", "agent": { diff --git a/x-pack/test/security_solution_cypress/es_archives/exceptions/mappings.json b/x-pack/test/security_solution_cypress/es_archives/exceptions/mappings.json index 3b5cc2dae545c..4448d1d8bab9a 100644 --- a/x-pack/test/security_solution_cypress/es_archives/exceptions/mappings.json +++ b/x-pack/test/security_solution_cypress/es_archives/exceptions/mappings.json @@ -11,7 +11,7 @@ "refresh_interval": "5s" } }, - "index": "exceptions-0001", + "index": "auditbeat-exceptions-0001", "mappings": { "properties": { "@timestamp": { diff --git a/x-pack/test/security_solution_cypress/es_archives/exceptions_2/data.json b/x-pack/test/security_solution_cypress/es_archives/exceptions_2/data.json index 72dc01b9bac54..7ee277a18fce8 100644 --- a/x-pack/test/security_solution_cypress/es_archives/exceptions_2/data.json +++ b/x-pack/test/security_solution_cypress/es_archives/exceptions_2/data.json @@ -2,7 +2,7 @@ "type": "doc", "value": { "id": "_aZE5nwBOpWiDweSth_E", - "index": "exceptions-0002", + "index": "auditbeat-exceptions-0002", "source": { "@timestamp": "2019-09-02T00:45:06.527Z", "agent": { @@ -29,7 +29,7 @@ "type": "doc", "value": { "id": "_aZE5nwBOpWiDweSth_F", - "index": "exceptions-0002", + "index": "auditbeat-exceptions-0002", "source": { "@timestamp": "2019-09-02T00:46:06.527Z", "agent": { 
diff --git a/x-pack/test/security_solution_cypress/es_archives/exceptions_2/mappings.json b/x-pack/test/security_solution_cypress/es_archives/exceptions_2/mappings.json index f5f07c23046aa..963dfc1da4315 100644 --- a/x-pack/test/security_solution_cypress/es_archives/exceptions_2/mappings.json +++ b/x-pack/test/security_solution_cypress/es_archives/exceptions_2/mappings.json @@ -11,7 +11,7 @@ "refresh_interval": "5s" } }, - "index": "exceptions-0002", + "index": "auditbeat-exceptions-0002", "mappings": { "properties": { "@timestamp": { diff --git a/x-pack/test/security_solution_cypress/es_archives/linux_process/data.json b/x-pack/test/security_solution_cypress/es_archives/linux_process/data.json index ed29f3fe3e4e1..e15c95c1b1bb3 100644 --- a/x-pack/test/security_solution_cypress/es_archives/linux_process/data.json +++ b/x-pack/test/security_solution_cypress/es_archives/linux_process/data.json @@ -2,7 +2,7 @@ "type": "doc", "value": { "id": "qxnqn3sBBf0WZxoXk7tg", - "index": "run-parts", + "index": "auditbeat-run-parts", "source": { "@timestamp": "2021-09-01T05:52:29.9451497Z", "agent": { diff --git a/x-pack/test/security_solution_cypress/es_archives/linux_process/mappings.json b/x-pack/test/security_solution_cypress/es_archives/linux_process/mappings.json index b7bc39a0f803c..582c99db625d6 100644 --- a/x-pack/test/security_solution_cypress/es_archives/linux_process/mappings.json +++ b/x-pack/test/security_solution_cypress/es_archives/linux_process/mappings.json @@ -3,7 +3,7 @@ "value": { "aliases": { }, - "index": "run-parts", + "index": "auditbeat-run-parts", "mappings": { "_data_stream_timestamp": { "enabled": true diff --git a/x-pack/test/security_solution_cypress/es_archives/suspicious_source_event/data.json b/x-pack/test/security_solution_cypress/es_archives/suspicious_source_event/data.json index 543250ba17499..777340ba54e0f 100644 --- a/x-pack/test/security_solution_cypress/es_archives/suspicious_source_event/data.json 
+++ b/x-pack/test/security_solution_cypress/es_archives/suspicious_source_event/data.json @@ -2,7 +2,7 @@ "type": "doc", "value": { "id": "_eZE7mwBOpWiDweStB_c", - "index": "suspicious-source-event-001", + "index": "auditbeat-suspicious-source-event-001", "source": { "@timestamp": "2021-02-22T21:00:49.337Z", "myhash": { diff --git a/x-pack/test/security_solution_cypress/es_archives/suspicious_source_event/mappings.json b/x-pack/test/security_solution_cypress/es_archives/suspicious_source_event/mappings.json index 83b2b4d64a510..20b3a1436a13b 100644 --- a/x-pack/test/security_solution_cypress/es_archives/suspicious_source_event/mappings.json +++ b/x-pack/test/security_solution_cypress/es_archives/suspicious_source_event/mappings.json @@ -10,7 +10,7 @@ "siem-read-alias": { } }, - "index": "suspicious-source-event-001", + "index": "auditbeat-suspicious-source-event-001", "mappings": { "properties": { "@timestamp": { diff --git a/x-pack/test/security_solution_cypress/es_archives/unmapped_fields/data.json b/x-pack/test/security_solution_cypress/es_archives/unmapped_fields/data.json index b1e5d16e44b43..91271e3ecff61 100644 --- a/x-pack/test/security_solution_cypress/es_archives/unmapped_fields/data.json +++ b/x-pack/test/security_solution_cypress/es_archives/unmapped_fields/data.json @@ -2,7 +2,7 @@ "type": "doc", "value": { "id": "_eZE7mwBOpWiDweStB_c", - "index": "unmapped-7.12.0-2021.03.10-000001", + "index": "auditbeat-unmapped-7.12.0-2021.03.10-000001", "source": { "@timestamp":"2021-02-22T21:00:49.337Z", "mydestination":{ diff --git a/x-pack/test/security_solution_cypress/es_archives/unmapped_fields/mappings.json b/x-pack/test/security_solution_cypress/es_archives/unmapped_fields/mappings.json index 7ae04b1949cc0..dd9775e67553d 100644 --- a/x-pack/test/security_solution_cypress/es_archives/unmapped_fields/mappings.json +++ b/x-pack/test/security_solution_cypress/es_archives/unmapped_fields/mappings.json 
@@ -3,7 +3,7 @@ "value": { "aliases": { }, - "index": "unmapped-7.12.0-2021.03.10-000001", + "index": "auditbeat-unmapped-7.12.0-2021.03.10-000001", "mappings": { "dynamic": false, "properties":{